Solaris SPARC 

1.5.0_09 (Yes) 

1.6.0 (No) 

Yes 

Solaris x86/AMD,AMD64 

1.5.0_09 (Yes) 

1.6.0 (No) 

Yes 

Linux 

1.5.0_09 (Yes) 

1.6.0 (No) 

No 

Windows 

1.5.0_09 (Yes) 

1.6.0 (No) 

No 

HP-UX 

1.5.0_03 (Yes) 

No 

Sun 

UltraSPARC 

Solaris 8, 9, 10 

256 MB 

550 MB 

Sun 

AMD/x86 

Solaris 9, 10 (x86) 

Solaris 10 (AMD64) 

256 MB 

550 MB 

Microsoft 

AMD/x86 

Windows 2000 Advanced Server, Service Pack 4 

Windows XP Professional Edition, 

Windows 2003 Server, Enterprise Edition 

256 MB 

550 MB 

Red Hat 

AMD/x86 

Red Hat Enterprise Linux AS 3.0 (Update 4 or later), 4.0 (or later updates) 

256 MB 

550 MB 

Novell 

AMD/x86 

SUSE Linux Enterprise Server 9 (or later updates) 

256 MB 

550 MB 

Hewlett-Packard 

PA-RISC 2.0 

HP-UX 11iv1 (B.11.11) 

256 MB 

550 MB 

            Solaris 10 6/06 s10x_u2wos_08 X86
   Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved. 
             Use is subject to license terms.
                   Assembled 02 May 2006

Solaris 8 SPARC 

109147-37 (linker patch) 

109147-38 (linker patch) 

109147-39 (linker patch) 

109147–40 (linker patch) 

Solaris 9 SPARC 

112963-22 (linker patch) 

112963-23 (linker patch) 

112963-24 (linker patch) 

112963-25 (linker patch) 

Solaris 10 SPARC 

117461-04 (ld patch) 

117461-05 (ld patch) 

117461-06 (ld patch) 

117461-07 (ld patch) 

117461-08 (ld patch) 

Solaris 9 x86 

113986-18 (linker patch) 

113986-19 (linker patch) 

113986-20 (linker patch) 

113986-21 (linker patch) 

Solaris 10 x86 

118345-08 (ld and libc.so.1 patch) 

118345-09 (ld and libc.so.1 patch) 

118345-10 (ld and libc.so.1 patch) 

118345-11 (ld and libc.so.1 patch) 

121208-02 (ld and libc.so.1 Patch) 

Download and use the appropriate operating system patches. You can download the Solaris patches from http://sunsolve.sun.com/search/document.do?assetkey=1-26-102775-1. For other platforms, download similar DST compatible patches from operating system vendor's web site.

Upgrade the JRE to make sure that Administration Server and Java Web Applications are not impacted by this change. Download and use the appropriate JRE that has the fix for DST changes. JRE versions for the supported platforms are as follows: 

Web Server documentation topics organized by tasks and subject 

Documentation Center

Late-breaking information about the software and documentation 

Release Notes

Performing installation and migration tasks: 

• Installing Sun Java System Web Server and its various components, supported platforms, and environments

• Migrating from a previous version of Sun Java System Web Server

Installation and Migration Guide

Performing the following administration tasks: 

• Using the Administration Console and CLI

• Configuring server preferences

• Using server instances

• Monitoring and logging server activity

• Using certificates to secure the server

• Configuring access control to secure the server

• Using Java 2 Platform, Enterprise Edition (J2EE) platform security features

• Deploying applications

• Managing virtual servers

• Searching the contents and attributes of server documents, and creating a text search interface

• Configuring the server for content compression

• Configuring the server for web publishing and content authoring by using WebDAV

• Using regular expressions for setting up redirection

Administrator's Guide

Using programming technologies and APIs to do the following: 

• Extend and modify Sun Java System Web Server

• Generate content dynamically, in response to client requests

• Modify the content of the server

Developer's Guide

Creating custom Netscape Server Application Programmer’s Interface (NSAPI) plug-ins 

NSAPI Developer's Guide

Implementing servlets and JavaServer Pages^TM (JSP) technology in Sun Java System Web Server

Developer's Guide to Web Applications

Editing configuration files 

Administrator’s Configuration File Reference

Tuning Sun Java System Web Server to optimize performance 

Performance Tuning, Sizing, and Scaling Guide

Resolving issues with Web Server 7.0 

Troubleshooting Guide

6364924 

A node can be registered to multiple administration servers which may cause a configuration conflict.

It is possible to register a node to a second Administration Server without canceling the registration with the first Administration Server. However, this leads to the nodes becoming inaccessible to both the Administration Servers. 

Workaround:

On each registration, restart the administration node. The administration node will be available to the most recent Administration Server it has registered to. 

6379125 

wadm command allows connecting to a node, shows a certificate and then throws a 'HTTP 400 Error'.

When an administration node receives a connection, the administration node does not check the connection is from the Administration Server before proceeding. It not only prints an inappropriate error message, but also prompts the user to enter the password.  

4793938 

User and password dialog presented instead of directory index.

By default, Web Server 7.0 does not send a directory index unless the user has been authenticated. Attempting to access a directory prompts the user to enter a user name and password. This occurs because the default Access Control List (ACL) in Web Server 7.0 grants the list access right only to authenticated users. 

Workaround

You can grant the list access right to unauthenticated users using the Admin Console or by editing the default.acl file. For more information on how to grant list access right, see Configuring Access Control in Sun Java System Web Server 7.0 Administrator’s Guide.

6327352 

Session replication enabled instances does not come up normally, if other instances in the cluster are not started.

6364702 

wadm commands do not return valid error codes [0-125] when success or failure.

6393534 

After migrating the Java keystore keycerts using the migrate-jks-keycert command, trying to list the migrated jks keycerts using the list-certs command, displays the CN, org and other information instead of the certificate nickname.

6407486 

While setting the SSL property using the wadm set-ssl-prop command, the server-cert-nickname property accepts any certificate nickname, instead of accepting only the server certificate nickname.

6439577 

Does not prompt for the token password when the instance is started from the wadm command prompt with a wrong token-pin.

6443742 

The set-session-replication-prop CLI command does not workif the 'node' option is provided with a qualified domain name.

Workaround

Use the output of the list-nodes command for the valid names of the nodes in the set-session-replication-prop command.

6450360 

The create-authdb command does not validate the URL at the time of the authentication database (authdb) creation. The create-authdb command successfully creates an authentication database with the wrong URL.

6450800 

The get-error-log and the get-access-log commands displays cluttered and improper messages.

6459106 

The wadm deploy fails to deploy the cluster configuration.

If any changes occur to the instance configuration files, manually or otherwise, the deploy-config command displays an error message stating that the instance has been modified.

The web applications deployed within the instances' web-app directory should not create, delete, or modify files within the web application's context-root. If modified, the Administration Server considers the instance to be modified. The deploy-config displays an error message.

Workaround

Either type the deploy-config command with --force option, or, type the pull-config command.

6462040 

The create-reverse-proxy CLI command creates an unnecessary new obj.conf file for the default virtual server.

6464953 

Setting digestauthstate property through the set-authdb-prop CLI does not validate the value and allows to set junk value for this property.

6467665 

Migrating certificate with an invalid file path using the migrate-jks-keycert command, prompts the user to enter the keystore-password and the key-password.

6468570 

Specifying "yes" at the wadm prompt crashes the CLI.

6469104 

The create-selfsigned-cert command allows you to define an inappropriate validity period while creating a server certificate.

6469109 

The delete-cert command does not delete a certificate which is created with token "Sun Software PKCS#11 softtoken".

6469676 

When you try to connect to the Administration Server after the administration certificates have expired, an incorrect error message is displayed.

6471649 

The list-events command output is not aligned.

6471737 

The list-instances command lists the instances even if you do not specify the configuration value.

6471744 

Incorrect error message is displayed if you execute the list-tokens command without specifying the configuration value.

6471754 

Incorrect error message is displayed if you execute the list-authdb-userprops command without specifying the authdb value.

6472210 

No error message is displayed if you execute the get-ssl-prop command with an invalid http-listener value.

6472314 

The list-certs command prompts for a pin even if you specify an invalid configuration value.

6476111 

Cannot edit the MIME types using the Admin Console.

6478601 

Displays an improper message when you stop an instance that does not exist.

An error message `Successfully stopped the server instance' is displayed if you try to stop an instance that does not exist. 

6480523 

wadm allows you to create a configuration with a negative port number.

6480600 

The register-node command gives an incorrect error message when the Administration server runs out of disk space.

6487628 

No appropriate administration error code is printed if a non-existent file is passed with wadm's -f option.

6489765 

Incorrect error message is displayed if you execute the create-cert-request command with an invalid key-size value.

6489777 

The delete-group command displays an incorrect error message if you specify an invalid group value.

6489779 

No error message is displayed when you execute the list-group-members command with an invalid group-ID value.

6490728 

Cannot set the rewrite-location properties using the set-reverse-proxy-prop command.

You cannot set the -rewrite-location property to false. The value specified for the -rewrite-location is not validated. For example, specifying the = symbol for the i-rewrite-location option corrupts the obj.conf file and results in parser error.

6492315 

The set-token-prop command sets wrong passwords in the server.xml file even if the token pin has not been specified.

6492469 

Incorrect error message is displayed on LDAP user creation failure.

6494353 

If an invalid node name is specified while deleting an instance, an incorrect error message is displayed.

6494950 

The register-node command runs successfully with non SSL port only in shell mode.

In shell mode, typing the register-node command with the -no-ssloption registers the node successfully as the command is falsely executed in the SSL mode.

6405018 

The get-jvm-prop command does not print the command when echo is enabled in shell mode.

Workaround

Type the get-jvm-prop command in single mode if you want to use the -–echo option.

6495446 

If no disk space is available on the device, wadm throws an incorrect error message "Unable to communicate with the administration server".

6499507 

Incorrect error messages are displayed when you execute the list-locks and expire-lock commands.

6499510 

A 'null' message is displayed if you execute the list-instances, list-crls, list-tokens, and list-certs commands without specifying the configuration name.

6499512 

The error message for the list-url-redirects command is not localized.

6500119 

wadm prompts for a token pin if you specify an invalid configuration name while trying to delete an existing certificate.

6500146 

While creating an HTTP listener using the CLI, the create-http-listener command creates a listener with null value as name.

6500150 

If you do not specify a virtual server while executing the list-dav-collections command, an incorrect error message is displayed.

6500151 

If you do not specify the authentication database while executing the list-users, list-org-units, list-groups, and list-group-members commands, an incorrect error message is displayed.

6500152 

If you do not specify a virtual server while executing the list-uri-patterns command, an incorrect error message is displayed.

6500154 

If you do not specify a JNDI name or specify an invalid JNDI name while executing the list-jdbc-resource-userprops, list-soap-auth-provider-userprops, list-auth-realm-userprops, list-external-jndi-resource-userprops, list-custom-resource-userprops commands, an incorrect error message is displayed.

6502631 

When installing the Web Server to have a default instance with a non-root runtime user, the non-root runtime user is unable to use wadm to start the default instance. If the non-root user executes the default instance's startserv script then the user is able to start the instance.

6502800 

Executing the migrate-server command with both "--all" and "--instance" options does not result in an error.

A warning or an error message should be displayed indicating that the user is attempting the set mutually exclusive options. 

6503350 

Error message given when entering invalid wadm command is misleading.

When you type an invalid command, an error message “Invalid command <command name>. Use "help" command for a list of valid commands.” is displayed. The help man page does not contain a list of valid command. Therefore this error message is misleading. 

6503944 

The create-user command usage for the LDAP authentication database is ambiguous.

6503949 

The create-group command usage for the keyfile authentication database is ambiguous.

6504095 

The set-cert-trust-prop command accepts incorrect properties and does not show proper error message.

6416328 

The Start Instances. button in the Admin Console is enabled for instance which is already running.

The buttons should be enabled or disabled based on the status of the instance. 

6418312 

wadm allows you to define duplicate user properties.

Adding duplicate user properties does not show an error message; however, a new user property is not created. 

6421740 

There is no provision to create new Access Control List (ACL) file using the Admin Console or the CLI.

6423432 

On Windows, using an existing configuration, repeating the process of adding and removing the registered nodes causes validation failure.

6426116 

Clicking on the Version button in the Admin Console result in “file not found” warning in Administration error logs.

6430417 

MIME Types allows MIME value with multibyte characters.

6430780 

While monitoring a virtual server, the rate at which bytes are transmitted is computed erroneously.

6442081 

Text in Access Control List page is not formatted.

6442172 

User can be switched between `available' and `selected' lists in ACE even though the user is deleted from the authentication database.

6443845 

Administration Server does not validate the password length and mechanism support of the given token.

6446162 

No warning is issued before the deletion of key or the digestfile authentication database.

6446206 

When a single user in group is deleted, an incorrect message “Group Saved Successfully" is displayed.

6448421 

Administration Interface allows you to create a new user with multi-byte User ID in the keyfile authentication database.

6449506 

Certificate with same server name as existing certificate cannot be created with the same nickname.

6450236  

Admin Console: wrong example in localization screen.

Example for default language is wrong (en-us), instead it should be en_US.  

6455827 

User and Group table in the Admin Console displays the entire result in a single page.

6461101 

Labeling of the Request Certificate and Install buttons in the Admin Console Create Self-Signed Certificate page needs to be revised.

6461553 

Virtual Server Web Applications page title help is incorrect.

6462057 

Add and Remove buttons are enabled in new ACE window even if no items are present in the `Available' list.

6462891 

No Admin Console is available to deploy web applications in user specific location.

6464891 

Admin Console truncates the display of server logs at 50 lines or 2 pages.

6465382 

No validation exist to check the entry of wrong country code in the certificate request wizard.

6465421 

In the Admin Console, no text field description is provided for virtual-server, authdb, dav collection, and event fields .

6465470 

Incorrect text in Groups settings page.

The text should read as “From this page you can add/remove user groups in the selected Authentication Database” instead of “From this page you add/remove user groups in the selected Authentication Database.” 

6465480 

Incorrect message when you delete a JVM profiler.

The message should read as “Profiler deleted successfully” instead of “Profiler saved successfully”. 

6466336 

Admin Console shows wrong JDK version while creating a new configuration.

The JDK version displayed in the Admin Console is 5.0 u6 instead of 5.0 u7. 

6466409 

Incorrect error message is displayed when you provide a wrong path while adding web application.

6467164 

The window titles of the Admin Console wizards are not consistent.

6467785 

Admin Console gives incorrect error message when you provide invalid Directory Server configuration values.

6470585 

URI prefix of document directories is accepts the value without '\'.

6471111 

After you change the JDK path in the Node page of the Admin Console, the Administration Server fails to restart.

6471171 

Style formatting is lost after restarting the Administration Server from Nodes -> Administration Server General tab.

6471367 

Attempting to access the Admin Console in another tab of the same browser does not work.

6471792 

View Log displays result in a single page.

Although the search criteria selected for record size is 25 log entries, the log displays the results in one single page even if there are more than 50 log entries. 

6472385 

Token password changes made through the CLI is not reflected in GUI. It requires a browser refresh.

6472932 

Token mismatch error is displayed when you remove the token password and then reset it in the Common tasks -> Select configuration -> Edit configuration -> Certificates -> PKCS11 Tokens page.

6473518 

Prompt to enter token pin while starting instance should not appear if configuration has not been deployed.

6474650 

The `Next' button in the Admin Console wizards should be disabled if the mandatory fields are empty.

6476095 

Admin Console does not provide an option to edit document directories and CGI records.

6476736 

Admin Console should have a tab to add and edit MIME mappings at the Virtual server level.

6477840 

Admin Console should provide large text region for entering class path prefix, class path suffix, and native library path prefix.

6478090 

`Current Password' field in the Nodes -> Select Administration Server-> Certificates -> Token Password Management page should be disabled if no token password has been set for the administrator.

6478165 

Usability issues in the Install CRL page after incorrect file path is entered for CRL file on server.

6478229 

The Instance->New page has incorrect title.

6478292 

The Common Tasks->Select configuration ->Select Virtual Server ->Edit Virtual Server ->WebDAV->New page should have the Enter Users field only if the authentication database is PAM.

6478303 

Admin Console allows you to create an ACE without entering user or group information for ACL. The check is not done if the authentication database is PAM.

6478612 

Inline help for range of values accepted by Request Header Time-out text field is incorrect.

6486037 

The Virtual Server Management->Content Handling->Document Directories->Add should have a browse option to choose the path of a additional document directory.

6490705 

Unable to configure uri-pattern specific configurations using the Admin Console.

6492906 

Message displayed about WebDAV collection locks in the Admin Console is misleading.

If you specify the time-out value for the WebDAV collection as infinite, the Common Tasks->Select Configuration ->Select Virtual Server->Edit Virtual Sever ->WebDAV->Select collection page displays the message DOES NOT EXPIRE. What it actually means is that the lock does not expire automatically after a specified time or the time-out is infinite.

6496545 

Admin Console displays invalid properties when custom authentication database user properties are created through Administration CLI.

6498484 

Incorrect error message is displayed on setting empty token password using the `Set passwords' button.

6498554 

Admin Console displayed incorrect failure messages on certificate creation and deletion.

6500157 

Instance fails to restart if you try to edit a token password and deploying configuration on an instance which is already running.

6500228 

The Admin Console displays an exception when you create a duplicate record of a MIME types.

6501882  

Start SNMP Master Agent button is not working properly.

6502287 

The Admin Console displays an exception when you delete a configuration and click on the Migrate button.

6502303 

The Admin Console Migrate wizard creates multiple configurations if you click the Finish button multiple times.

6502374 

The Admin Console Review screen in wizards should only show fields that have values.

6502793 

During migration, the log-dir path permission is not validated.

6504050 

The Results page in all Admin Console wizards should be aligned properly.

6504495 

Admin Console has 508 compliance issues.

6504758 

Unable to edit the server configuration using Admin Console if the deployed Web application has symbolic links.

6504951 

User selection process in the Common Tasks->Edit Virtual Server->WebDAV->New page needs validation.

6266358 

Cannot log in through the Administration CLI if the administration password has extended ASCII characters.

6360666 

Installed CRL should have a meaningful name.

6361329 

The error-response file name should be validated.

6364821 

Administration CLI should support URIs, URI prefixes, URI wildcard patterns, and URI regular expressions for all commands that operate on URI space.

6365379 

Inconsistent behavior while starting an unregistered administration node.

6366956 

Search schedule events do not work from the Admin Console.

6367282 

Administration server starts with expired certificate; wadm should warn about expired certificates.

6367751 

The create-instance command fails on remote node intermittently and logs HTTP 400 error.

6375505 

The unregister-node command should also clean up certificates on the administration node.

6378612 

64–bit instance does not start on 32–bit remote node.

6408169 

WebDAV lock CLIs do not work in a cluster environment.

6408186 

Multiple installations of the administration nodes on the same node that is registered to the same administration server should be not be allowed.

6416369 

Accessing the administration node URL results in Page Not Found error.

As the administration node does not have a GUI, accessing the administration node URL results in Page Not Found error.

6416705 

The default server.xml should not contain the <stack-size> element.

6422936 

No validation for class path prefix and suffix, and native library path in JVM Path Settings in Java.

6423310 

The server.xml elements should be grouped based on functionality.

6423391 

When a server certificate with data in non-DER format is installed, an incorrect error message is displayed.

6426108 

Exception in administration error logs on creating new configuration with instance.

6431984 

Web Server should store its pid file and UNIX domain sockets in /var/run instead of /tmp.

6439132 

Exceptions in Certificate Installation wizard not clear.

6441773 

On Windows. Administration server moves the Web application files physically before stopping the Web application.

6451307 

Executing the create-instance command immediately after starting a remote node fails on the remote node.

6454559 

View server logs page throws error if the access log format is not in Common Log Format (CLF).

6462515 

The Admin Console misleads user with "Instance modified" message when runtime files gets created in the config directory.

6462579 

Trust store does not deleted on uninstalling the administration node after unregistering it with the administration server.

6468132 

The list-cert command does not list the certificates if the certificate nickname contains a colon.

6468330 

Changes made to the JavaHome property does not get saved after restarting the instance.

6468676 

No validation exists for 'Java Home' field; accepts invalid data.

6473577 

<pkcs11> element not removed from server.xml even when child elements are absent.

6473589 

<pkcs11/> added to server.xml when token pin is set.

6474668 

HTTP Listener field accepts names with spaces. This is invalid.

6475536 

No obvious way to reset the administration server password.

Workaround

1. Comment out the security-constraint in install_dir/lib/webapps/jmxconnectorapp/WEB-INF/web.xml.

2. Restart the Administration Server.

   This action turns off the authentication on the administration server.

3. Set the administration password by using the set-admin-prop command.

6476111 

Unable to edit MIME types either using the Admin Console or the CLI.

6483365 

GUI and CLI accept Web Server 7.0's server root for migration

The Admin Console and the CLI accept the Web Server 7.0 path instead of Web Server 6.1 or Web Server 6.0 path during migration. Web Server 7.0 path is not a valid path for the server-root property in the migrate-server command.

6483902 

Error in Configuration Virtual Servers page.

Trying to enter a combination of $@ string for the Denied Access Response field in the Virtual Server page results in an error.

6489727 

[JESMF CONFORM] CP when stopping should call MfManagedElementServer_stop().

6491749 

Need better validation in certain text fields to prevent obj.conf file corruption.

Most of the functional validation of the data in a form is done in the back end. The GUI has only minimal checks such as empty fields, integer values, and ASCII values. Hence, the GUI stores the data in the obj.conf when parsed gets corrupted .

6492176 

Default and null values get stored in obj.conf when a new configuration is created and saved using the Admin Console.

Administration Server stores the values passed by the Admin Console into obj.conf file without any validation.

6493971 

Admin Server does not time-out if the server instance restart does not respond.

On UNIX systems, the Administration Server waits until the server instance is restarted when the restart-instance command is executed. If the instance is not successfully restarted, the Administration Server does not respond to requests.

6497004 

SaveConfigException displayed on CLI during set-authdb-prop.

If a nonexistent file path is provided to the path property for keyfile authdb by using the set-authdb-prop command, results in SaveConfigException instead of a File does not exist message.

See the error log for the Administration Server. 

6497143 

At times, the execution of stop-admin command displays the "Admin Server Not Running" message when the Administration Server is actually running.

6497213 

Executing the restart-admin command followed by the stop-admin command throws exception in administration error logs.

6498411 

The get-cert-prop does not display only those properties mentioned in the <displayproperties> element.

6500715 

Server error on trying to access a file in the cgi-bin directory.

6292582 

SNMP Management Information Base (MIB) for "iwsFractionSysMemUsage" does not show correct results

SNMP MIB "Fraction of process memory in system memory" which is part of iws.mib gives wrong results when queried by the SNMP manager utility.

6425144 

On Windows, wadm does not update classpath correctly if classpath contains a semicolon (;)

The semicolon in tcl is interpreted as a command terminator, which is used to group multiple commands in a single line. On Windows, semicolon is used as a path separator.

Workaround

Use wadm in single mode if the semicolon is used in property values.

6479247 

On Windows, dialog box to enter the token password appears on restarting an instance after the deployment. This behavior is not see on other platforms.

6482536 

<listen-queue-size> upper bound is set to 65535, which is too small. Need to increase the <listen-queue-size> upper bound.

6500715 

Incorrect ObjectType fn="force_type" added in object cgi on creation of new cgi directory.

When creating a new cgi directory, an incorrect object type force_type is added to the obj.conf file.

Workaround

• Manually edit the config/obj.conf file or the config/vs-obj.conf under https-config-directory and remove the following line.

  ObjectType fn="force_type" type="magnus-internal/cgi"

  On Windows, if shell-cgi is enabled, then remove the following line from the obj.conf file.

  ObjectType fn="force_type" type="magnus-internal/shellcgi"

• Type the pull-config command from the command line to bring over the manual change to the Administration Server configuration repository.

  • Change directory to Web Server 7.0 installation directory

  • Start the Administration Server

  • Type the pull-config command as follows:bin/wadm pull-config --user=admin --config=config-name

  Or, you can login to the Web Server Admin Console and bring over this manual change to the Administration Server configuration repository.

6296993 

When there is an error executing an obj.conf directive, the filename and line number where the offending directive was found are not logged.

6365160 

When server.xml schema validation fails due to a data type constraint violation, it displays an error message that does not describe the set of valid values for the element.

6366843 

Limited capability for searching web applications, servlet , virtual server or nodes by names in core monitoring.

6368605 

Configuration error can cause child processes to be re-spawned in a loop.

If a configuration error is introduced after server startup, for example, obj.conf is deleted, and a child process is killed, the primordial process attempts to re-spawn that child process in an infinite loop.

6375367 

Improper error response to time-out following incomplete request.

If you telnet to Web Server, press Enter, and wait for the time-out, the following error response is returned:  

HTTP/1.1 400 Bad Request

Your browser sent a message this server could not understand.

6378940 

All HTTP header parsing error are not logged with the client IP and a description of the error.

6470552 

set-variable SAF could not set predefined variable.

6479062 

Cannot dynamically reconfigure HTTP listener family. The Instance does not start on setting the protocol family to nca.

6485965 

If-modified-since processing is slow.

The server's handling of If-modified-since headers assumes that the header field value will typically match a previously sent Last-modified header field value. This is true of normal, real world clients. This is not true, however, of the SPECweb2005 driver.

6486480 

service-nsfc-dump entry hit counts are 0 with <replacement>false</replacement>.

If <replacement>false</replacement> is specified in server.xml file, entry hit counts show as 0 in the service-nsfc-dump output. However, the cache hit counts are displayed correctly.

6489220 

Server treats non-interpolated strings that contain $$ character constants as interpolated.

When a parameter value contains a $$ escape, the server constructs a PblockModel for the parameter block. This is unnecessary because $$ is a constant.

6489269 

'external' expression function with quoted path is not working.

6492407 

Front-end file accelerator cache.

Depending on ACLs and obj.conf configuration, a front end accelerator cache can service static file requests for URIs that were previously processed using NSAPI. The accelerator cache must work with the default configuration.

6496332 

File cache does not store small files on the heap and send large files with sendfilev.

With <sendfile>true</sendfile> in server.xml, the server should use sendfilev() only for files that does not fit in the heap. This enables the server to use writev() for small files and sendfilev() for large files.

6498452 

Server should not respond with '413 Entity Too Large'.

The server currently responds with a 413 Entity Too Large message when the request header is too big. 413 Entity Too Large message refers to the entity, not the header.

6498928 

Output directives are not invoked for 0-byte files.

Output directives are not invoked for 0-length responses unless protocol_start_response() is called. send-file does not call protocol_start_response() function. Output directives are not invoked when sending 0-byte files.

6501180 

Buffer-size 0 does not work.

If <buffer-size>0</buffer-size> is specified in server.xml, the server fails to correctly serve the files.

6502258 

Server crash with large output buffers.

If the output stream buffer size is bigger than the input buffer size, the server might attempt to buffer data at an invalid address. The default input buffer size is 8192 bytes.  

6504755 

Cannot disable access logging in default server instance.

The value of the <access-log> <enabled> element is ignored in the server.xml file.

6505390 

Accelerator cache does not handle ssl-unclean-shutdown properly.

The accelerator cache does not interact correctly with the AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true" directive in the default configuration. When such a directive is present, the accelerator cache applies the "unclean shutdown" setting to every connection, regardless of the browser used.

6432375 

On HP-UX, SNMP fails for some oid values.

Workaround

Due to lack of the HP-UX API support and complexity, network in and out traffic statistics is not implemented. Use HP tools for monitoring the traffic statistics. 

6483212 

On HP-UX 11.11, Web Server fails to start when max heap size is 2048 MBytes or greater.

Workaround

1. Ensure that patch PHKL_28428 or its updated version is present on the system. If it is not present, install the patch.

2. Type the following commands before starting the Web Server:

   • For 1500 MBytes to 2400 MBytes of Java heap: Type the following command before starting the Web Server:

     chatr +q3p enable /opt/sun/webserver7/lib/webservd

   • For 2400 MBytes to 3.8 GBytes of Java heap: type the following command before starting the Web Server:

     chatr +q3p enable +q4p enable /opt/sun/webserver7/lib/webservd

3. Start the server.

   /opt/sun/webserver7/lib is the default location of the webservd binary.

6358250 

Admin Console help resources and links properties files needs to be updated.

The 'Help' button on each page of the Admin Console does not have helpFileName to display in the help popup window. The HelpLink.properties file needs to be updated.

6474011 

The basic-search.html has unclear description.

6479045 

Admin Console online help needs to be updated.

The online help needs to be updated for the following:  

1. Context-based help should be provided.

2. All screens must have a corresponding help page.

3. Help pages must reflect the changes in the GUI.

4. Inconsistent usage of terminology between the GUI and online help.

5. Fix grammatical errors.

6. Detailed description for some topics.

6482764 

Mismatch between online help and the Admin Console.

6498477 

Missing help file under config tokens page.

Common Tasks > Edit Configuration > Certificates > PKCS11 Tokens, the help file for this screen is missing. 

4928287 

Need to doc the non-existance of <instance>/lib

All documents do not inform user the non-existence of <instance>/lib directory.

Additional Information: This directory is not created by the installer. Users have to create the directory if it does not exist.

6347905 

No CLI support to configure FastCGI. Need to manually edit obj.conf or magnus.conf files to configure FastCGI.

6485248 

The fastcgi stub does not properly close all the processes when reuse-connection is set to true.

Configure Web Server 7.0 to work with PHP as a FastCGI plug-in and set reuse-connection=true. When you shutting down the server or reconfiguring the server, the fastcgi() process and its child processes are left behind and not killed properly.

6504587 

Memory leak found in FastCGI.

4988156 

Installing the stand-alone product over an existing Java ES installation and vice-versa is not supported.

Installing Web Server 7.0 as a stand-alone product over an existing Java Enterprise System (Java ES) installation is not supported. Java ES users of the Web Server must use the Java ES installer to upgrade to the newer version of the Web Server. 

6414481 

Web Server cannot be installed without installing compat-libstdc++.

Workaround:

On newer versions of Linux, for example, Red Hat Enterprise Linux 3, install compat-libstdc++ before installing Web Server 7.0.

6414539 

Uninstalling the administration node does not delete itself from the administration server node.

After installing the administration node and registering it with the administration server in the Node tab, the administration node is listed in the Node tab. When the administration node is uninstalled, the administration node entry remains in the Node tab. 

6503505 

On Linux, the installer does not increment or assign a new administration port number, if the default port is already in use.

6504748 

With delete instance option, instead of deleting the symbolic links, the uninstaller deletes files from symbolic links.

6287206 

Cannot install if the setup is started from a shared folder on the network.

On the Windows platform, unable to install the product when the installer setup.exe is started from a shared network folder on another machine.

6311607 

On Windows, installer crashes in CLI mode, if the administration password is >= 8 characters.

If the administration user password is greater than eight characters, then any invalid input to the administration port, web server port, or the administration user ID crashes the installer. 

Workaround:

When installing Web Server 7.0 on the Windows platform using the command-line interface (CLI), the administration password must be set to less than (<) eight characters. 

6408072 

On Windows, need icons for objects in Programs folder.

The objects in the Sun Java System Web Server 7.0 folder on Windows are created with default Windows program icons and do not have specific icons that denote Sun programs. 

6492144 

On Windows, CLI installer does not handle ctrl+c while entering the password.

The installer does not accept ctrl+c and hence the terminal becomes unusable.

6407877 

Incorrect migration occurs while migrating from Web Server 6.0 to 7.0 if the installed.pkg file is not found.

In Web Server 6.0 to 7.0 migration, if the installed.pkg file is missing, Web Server incorrectly migrates the NSServlet entries in the magnus.conf file.

6490124 

6.x -> 7.0: Migrated scheduled events still points to 6.x paths in the server.xml file.

6502529 

6.1->7.0: Migration does not handle relative path set for search-collection-dir correctly.

During instance migration, specifying a relative path for the target path into which the search collections should be copied, results in the search collection directory being created with respect to the config-store. When the instance is instantiated, the indexes are created without properly migrating the search collections.

6502769 

6.x->7.0: Migration ignores any "document-root" NameTrans specified in the obj.conf file.

6498806 

On Windows, Web Server Admin Console does not appropriately warn users during migration.

Administration Server does not detect if the selected new configuration or the service name already exists on Windows and hence does not appropriately warn the users to select a different configuration name or suggest a different configuration name as default. 

6500509 

Web Server 7.0 migration tool is unable to successfully migrate from Web Server 6.1 if it has Root Certs installed in it.

6356234 

The NameTrans map should accommodate ;- delimited URI parameters.

The NameTrans map SAF's from parameter specifies a prefix that is compared against the requested URI. If the requested URI begins with this prefix but is suffixed with a ;-delimited URI parameter, the map SAF fails to map the request.

6424569 

Map to parameter is not optional.

The map SAF's to parameter is not optional. This is useful for terminating NameTrans processing and assigning an object: NameTrans fn="map" from="/.perf" name="perf"

6424570 

All mapping SAFs should accept a name parameter.

6302983 

Samples refer to "Sun ONE" instead of "Sun Java System".

The servlet sample, LocaleCharsetServlet.java, co-packaged with Web Server 7.0 refers to “SunONE” instead of “Sun Java System”.

6472796 

sendmail.jsp shows incorrect file to be edited to specify resource.host for javamail sample application.

Workaround

To set javamail.resource.host, edit the javamail.build.properties and not the build.xml as specified in install_dir/samples/java/webapps/javamail/src/docroot/sendmail.jsp.

6475485 

digest plug-in README has an outdated documentation URL and possibly an old product name for Directory Server.

6495588 

sampleapps/java/webapps/simple docs invalid.

The documents for a simple sample application shows an incorrect pathname. The path should be install_dir/plugins/java/samples/webapps/simple/src instead of install_dir/samples/java/webapps/simple/src.

6413058 

server.xml does not store the full file pattern for converting and including search .

The schema does not store the full file pattern allowed by both the Admin Console and the search administration tools in this version of the Web Server. It also has no way to represent the full file pattern that might sometimes need migration from the previous versions of the Web Server.  

6433752 

ssl-check is not working with NSAPI based plug-in.

"PathCheck fn="ssl-check" secret-keysize=128 bong file="xxxxx.yyy.html" 

For static file requests, if the secret-keysize of the client is less than the size specified by the server and a bong file is present, then the bong file is sent back as the response. However, requests for dynamic content (for example, JSP files) return the actual requested object (for example, the JSP file) rather than the bong file.

6421617 

Problem having server-parsed HTML (ParseHTML) and .htaccess with restricted group option.

Authentication succeeds when parsing through a HTML file which has the shtml include entries and is configured to authenticate through .htaccess which has the "restricted by group" option enabled. If the group user gets authenticated, then the result page does not get shtml include entries. This however works fine with the user in .htaccess file has "restricted by user" option.

6376901 

Limitation supporting basic and digest-based ACLs for resources in the same directory.

If the server uses digest and basic-based ACLs in different parts of their doc tree, attempting to use both simultaneously on different files or resources in the same directory is not possible. 

6431287 

TLS_ECDH_RSA_* require the server cert signed with RSA keys.

Cipher suites of the form TLS_ECDH_RSA_* requires server to have an ECC keypair with a cert signed using RSA keys. Note that this precludes using these cipher suites with self-signed certificates. This requirement is inherent to these cipher suites and is not a bug. The server should detect and warn about wrong configurations related to these cipher suites but currently it does not do so.

6467621 

Request to the server fails with using of "Sun Software PKCS#11 softtoken".

Refer to the following documents for additional info on configuring the Web Server with Solaris 10 libpkcs11:

http://www.sun.com/bigadmin/features/articles/web_server_t1.html

http://www.sun.com/blueprints/browsedate.html#0306

6474584 

dayofweek does not take "*" as an option.

For example, set an ACL as follows:  

acl "uri=/"; 
deny (all) dayofweek="*"; 
allow (all) dayofweek="Sat,Sun";

In this program, you are restricting access on all days of week except Saturday and Sunday. This program does not work as you can you can successfully access the ACL on a Monday. 

Workaround

Set the ACL as follows to restrict access to ACL on Monday through Friday. 

acl "uri=/";
deny (all) dayofweek="Mon,Tue,Web,Thu,Fri";
allow (all) dayofweek="Sat,Sun";

This denies the request on a Monday. 

6489913 

SSL session cache cannot be disabled.

Session cache is enabled by default. When the session cache is disabled and URL is accessed through the HTTPs protocol, the URL does not go through and the server log displays an error message indicating that the SSL cannot be configured without session-cache.

Workaround

Reduce the SSL cache size and expiration to the minimum supported values. 

6510486 

htaccess rules can become corrupted in memory.

If a single .htaccess file has more than five allow or deny rules, it is possible that some of the rules may become corrupted in memory. If this occurs, some of the rules may be bypassed.

Workaround

Limit a single .htaccess file to five rules or less.

Or, Use the ACL subsystem instead of htaccess to control access to server resources. For information on setting up ACLs, see the Sun Java System Web Server 7.0 Administrator’s Guide.

6370032 

Session failover does not happen with RequestDispatcher include call.

While deploying two web applications on a cluster where the first application calls on the second application using the RequestDispatcher() include call, the persistence valves are not called during the RequestDispatcher()'s invoke() method, and session replication does not occur.

6381950 

Incorrect load factor set for BaseCache.

Session replication does not support more than two web applications. 

6381954 

Session replication fails to work on multiple web applications involving RequestDispatcher due to bad sequence.

6383313 

Incorrect path is set on SR-intanceId cookie.

The SR-instanceId cookie should be set to the web application's path instead of the servlet's path.

6324321 

Descriptive error message is not displayed when an error occurs remotely.

When an exception occurs remotely, error messages are logged in the error log of the remote instance. However, the local instance currently displays a generic remote exception which does not clearly indicate which error log that the user must view. 

6396820 

Session replication does not failover correctly when cookies are disabled on the client.

6406176 

When enabled, session replication should be the default session manager.

After enabling session replication by using the Admin Console or the CLI, or by editing the server.xml file, session replication is not really enabled. Instead, sun-web.xml needs to be manually edited.

6390112 

Java LDAP connection pool interaction issue - initial connection is never timed out.

Specifying a Java LDAP connection pool through the JVM options in the server.xml file and referencing this with an external JNDI resource when the web server is started, creates a pooled LDAP connection. With this connection, it is always marked as busy and the connection never expires.

4858178 

Web container writes to stderr.

6349517 

Incorrect web application session statistics for MaxProcs > 1 mode.

Web Server runs in multi-process mode. The MaxProcs configuration variable in the magnus.conf is used to set the maximum number of processes. If the value for MaxProcs is set to greater than 1, the Web Server uses mmap-based session manager so that the session could be shared among different JVMs. While collecting statistics from multiple processes, web application MBeans provide session for individual MBeans. There is no way to find the true number of sessions by seeing individual MBean's web application session statistics.

6394715 

Web container deletes the disabled web application MBeans object.

When the web application is disabled by setting the <enabled> element to false in the server.xml file, the web container deletes the web application's MBeans and hence treats it as a closed or deleted web application. Since disabled objects are deleted, statistics are also lost.

6419070 

No information is logged in error logs at the finest log level on successful JNDI resource creation.

6422200 

com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse does 1 byte reads.

When reading the server.xml file, the first line containing the XML version number and the encoding is read 1 byte at a time.

6432870 

Servlet container collects statistics when stats enabled element is set to false in the server.xml file.

6440064 

Servlet container creates a thread per virtual server.

6472223 

Values of 'mail-resource' sub elements are not getting set on mail session object.

6487083 

NSAPIRequest.setupRequestFields is slow.

com.sun.webserver.connector.nsapi.NSAPIRequest.setupRequestFields is slow primarily because of excessive String-->byte and byte-->String conversion when parsing Cookie headers.

6493271 

Java garbage collector activity is higher in Web Server 7.0 when compared against Web Server 6.1.

The servlet container in Web Server 7.0 creates many Java objects. 

6497803 

If a servlet is mapped to req URI formed by partial req + welcome file, the behavior is wrong.

If a web container receives a valid partial request, the web container must examine the welcome file list defined in the deployment descriptor. The welcome file list is an ordered list of partial URLs with no trailing or leading /. The Web Server must append each welcome file in the order specified in the deployment descriptor to the partial request and check whether a static resource or a servlet in the WAR file is mapped to that request URI. The web container must send the request to the first resource in the WAR that matches.

6501184 

REQ_EXIT causes javax.servlet.ServletException.

6501785 

The servlet container does not use accelerator cache when processing RequestDispatcher includes.

6500647 

On Windows, dynamic reloading of JSP produces incorrect output.

6467808 

Web Services application running on Web Server 7.0 throws “NAMESPACE_ERR: Unable to create envelope from given source” exception.

This issue is with the Java API for XML Processing JAR file, primarily the xerces.jar file part of JDK version 1.5.0_08 or later. Because Web Server 7.0 uses JAXP JAR files of JDK version 1.5.0_09, the issue is seen on Web Server. Latest JAXP JAR files of Web Services 2.0 pack has the fix for this issue but the fixed JAR files are not yet part of JDK software.

Workaround

Use the JAXP 1.3.1 JAR files instead of JAXP JAR files co-packaged with JDK software. 

Follow the steps below: 

1. Create endorsed directory if it does not exist under <JRE>/lib directory.

2. Place the JAXP 1.3.1 JAR files in the endorsed directory.

   Or,

   Pass the java.endorsed.dirs system property as a JVM option in <instance_dir>/config/server.xml file.

3. Set the property to the directory containing the JAXP 1.3.1 JAR files. For Example:

   <jvm>
   <jvm-options>-Djava.endorsed.dirs=/opt/SUNWjax/share/lib</jvm-options>
   </jvm>

6385933 

After creating the configuration, a multi-byte name becomes garbage.

1. Click on the Configurations tab.

2. Select Copy or Create Configuration.

3. Type a multi-byte string in the Name of Configuration filed and enter other information in the screen.

4. Click the Finish button.

   Displays the list of configurations that includes a string ??? instead of the entered name. You cannot restart the instance.

6316881 

Multi-byte characters in headers can not be retrieved by req.getHeader().

The characters are not parsed correctly, when request.getHeader() is called.

5046634 

There is no functionality equivalent to use-responseCT-for-headers in Web Server 7.0.

Response header encoding is enabled at the web-app level by setting the value of the configuration parameter use-responseCT-for-headers to any of the values; yes, true, or on in the web-app/sun-web.xml file.

For example, set Response header encoding as follows: 

<sun-web-app>
 <parameter-encoding form-hint-field="j_encoding"/>
 <property name="use-responseCT-for-headers" value="true" />
 <session-config>
 <session-manager/>
 </session-config>
 <jsp-config/>
 </sun-web-app>

6503931 

schema.properties file is not localized.

SchemaValidationExceptions caused by the Administration Server result in exception messages being read from the schema.properties file. This file is not localized.

6483354 

On Windows and HP-UX, file handle is not released by webservd process under certain conditions.

1. Access the Web Server Admin Console through the login URL.

2. Select the 'Configuration' tab from the administration page.

3. Select a configuration link, and then select the 'Virtual Server' link.

4. Set 'Negotiate Client Language' to enabled and note your language, such as "zh-CN".

5. Click the 'Save' button.

6. Restart Web Server by clicking the 'Deployment pending' link in the Admin Console or manually.

7. In Internet Explorer, type a nonexistent URL, for example, http://yourmachine/xyz.

   The "page not found" is displayed in Internet Explorer 6.

Expected Result: The "Not found" page should be displayed correctly in Internet Explorer instead of the "page not found" error.  

6507819 

Localized online help content have some differences from English.

6507819 

Localized version of Web Server online help contents have some differences from English.

The Japanese online help do not have online help content for the following screens in the Admin Console: 

Editing Access Log Preferences 

Editing Server Log Preferences  

Archiving Log Files 

Setting Log Rotation 

6508299 

Garbage characters are displayed for search results on the left panel of online help of Web Server on non-English locales.

Using Search tab on the online help to search for some content displays garbage characters in the search result page.  

6494089 

Administration Server node has un-localized string.

• Log in to the Web Server Admin Console as an administrator.

• Click on Nodes tab.

  Displays un-localized strings, for example, 'This is the Administration Server Node'.

6502036 

Help window displays an 'Application Error' message in the left pane.

On Linux, accessing Help from the localized version of Admin Console displays an 'Application Error' message.  

6484181 

Portal Server configures JVM stack size to 128K (too low) for Web Server 7.0 64–bit to start.

If Web Server 7.0 is already configured in 64–bit mode, and the Portal Server installation is started, Portal Server configuration does not set stack size to 128K. However, if both Portal Server and Web Server are already installed and configured in 32–bit mode, switching to 64–bit mode involve series of manual steps that are described in the Workaround section. 

Workaround

If Portal Server part of Java ES 5 is deployed on top of the 32–bit version of Web Server 7.0, and if you would like to start the server in 64-bit mode, perform the following steps: 

1. # install_dir/bin/wadm delete-jvm-options --user=admin --port=8989 --password-file=passfile --config=HOST_NAME "-Xms512M -Xmx768M -Xss128k"

2. # install_dir/bin/wadm create-jvm-options --user=admin --port=8989 --password-file=passfile --config=HOST_NAME "-Xms512M -Xmx768M -Xss512k"

3. Increase the native stack size of Web Server 7.0 to 139264 by typing the following command:

   # install_dir/bin/wadm set-thread-pool --user=admin --config=config_name --password-file=filename native-stack-size=139264

4. Deploy the configuration.

   # install_dir/bin/wadm deploy-config

6487041 

schemagen/xjc/wsgen/wsimport scripts not present in Java ES Web Server installation.

schemagen/xjc/wsgen/wsimport scripts are present in different locations in Java ES installation and stand-alone installation of Web Server.

Workaround

The scripts are part of the Web Services components. In a stand-alone Web Server installation, these scripts and JAR files are located in install_dir/bin and install_dir/lib directories respectively.

In Java ES installation, scripts and JAR files are installed as part of the shared component and they reside outside the Web Server installation root.  

The location of scripts and JAR files on different platforms are listed below: 

Solaris OS: 

• Scripts are under /opt/SUNWjax/bin directory.

• JAR files are under /opt/SUNWjax/lib and /usr/share/lib directory.

Linux and HP-UX: 

• scripts are under /opt/sun/bin and /opt/sun/share/jaxb/bin directories.

• JAR files are under /opt/sun/share/jaxb/lib, /opt/sun/share/lib and /opt/sun/private/share/lib directories.

Windows: 

• Scripts are under <JES_installation_dir>\share\bin and <JES_installation_dir>\share\jaxb2\bin directories.

• JAR files are under <JES_installation_dir>\share\jaxb2\lib and <JES_installation_dir>\share\lib directories.

6432106 

Sun Java System Portal Server search throws exception after Web Server upgrade.

Portal Server search functionality throws exception when upgrading Web Server from Java ES 4 to Java ES 5.  

Workaround

Move the existing libdb-3.3.so and libdb_java-3.3.so library files to an appropriate location, somewhere outside the Web Server's private directories. Once the Portal Server libraries are in a suitable location, that path must be specified for the <libdb-3.3.so path>:<libdb_java-3.3.so path> in the following commands.

On Solaris platform, perform the following steps: 

1. Copy the libdb-3.3.so and libdb_java-3.3.so files from Web Server 6.1 lib directory to an appropriate location.

   ---

   Note –

   For HP-UX, the files are libdb-3.3.sl and libdb_java-3.3.sl. For windows, the files are libdb-3.3.dll and libdb_java-3.3.dll.

   ---

   ---

   Caution –

   Do not copy the library files to Web Server 7.0 private directories (For example, lib directory).

   ---

2. Create a directory (mkdir) by name /portal_libraries. Copy the library files libdb-3.3.so and libdb_java-3.3.so to /portal_libraries.

3. Use the wadm command to inform the Web Server about the location of the library files.

4. Get the current native library path setting by typing the following administration CLI command:

   get-jvm-prop -user=admin --config=hostname native-library-path-prefix

   Save the output.

5. Append the copied libdb-3.3.so and libdb_java-3.3.so path to the existing native library path by typing the following administration CLI command.

   set-jvm-prop --config=hostname native-library-path-prefix=<existing native library-path>:</portal-libraries-path>

   where, portal-libraries-path is the location of where you copied the libdb-3.3.so and libdb_java-3.3.so files in Step 1.

   If you do not get any results or output for the get-jvm-prop command, at the command prompt, set the native-library-path-prefix:

   native-library-path-prefix=</portal-libraries-path>

6. ---

   Note –

   For Windows platform, use ';' as the separator for native-library-path-prefix parameter as follows:

   native-library-path-prefix=<existing native libarary path>;<portal-libraries-path>

   For non-Windows platform, use the ':' as the separator for native-library-path-prefix parameter as follows:

   native-library-path-prefix=<existing native libarary path>:<portal-libraries-path>

   ---

7. Deploy the modified configuration by typing the following command:

   deploy-config [--user=admin-user] config-name

6504178 

Migration logs reports a bogus "root is not a valid user" message on Java ES 5.

While migrating from Java ES 4 to Java ES 5 on UNIX platforms, the migration log file reports WARNING: "root is not a valid user". This is incorrect as the "root" user is valid on that host.

6453037 

A lot of warnings/info messages displayed at Web Server startup on the standard output instead of routing these messages to the log file.